How to Integrate Fortigate firewall with Active Directory & LDAP services (SSO)
Рет қаралды 30,263
4 жыл бұрынLearn how to integrate Fortigate firewall with split-DNS, LDAP integration and Single Sign-On (SSO) using Fabric Connector. Restrict or Allow access to resources and internet based on Active Directory users or groups.
===========================
Network Security courses on ElastiCourse/Udemy:
Introduction to Fortigate Firewall
www.elasticourse.com/courses/...
www.udemy.com/course/introduc...
Fortigate Advanced Configuration
www.elasticourse.com/courses/...
www.udemy.com/course/advanced...
Introduction to FortiManager course
www.elasticourse.com/courses/...
www.udemy.com/course/introduc...
===========================
AWS Web Application deployment and migration course
www.elasticourse.com/courses/...
www.udemy.com/course/building...
@ElastiCourse 3 жыл бұрын
This video is part of Fortigate Advanced Configuration Firewall course, get it now on ElastiCourse/Udemy: www.elasticourse.com/courses/advanced-fortigate-configuration/ www.udemy.com/course/advanced-fortigate-configuration/?referralCode=A7C0551AFAA250099526
@tonymarms8908 2 жыл бұрын
works perfectly on may lab environment thanks for this tutorial 👍
@MedoMedo-op3em 2 жыл бұрын
thank you for great example , very informative
@KKKK-rn9hq 10 ай бұрын
Thanks for the helpful information!
@smusnas 3 жыл бұрын
In the video,after 2 mins ,config dns sever is not showing error on edit lan command
@teengoh4n561 4 жыл бұрын
Great introduction! One question though: How does this behave when working with Terminal Servers or even Citrix Virtual Desktops and such where IP addresses are shared. Let's say 2 users are logged in on the same terminal server. One from the IT department one from marketing department. IT department is allowed to ping google.com, marketing department is not. Will marketing department be able to ping google.com because the guy form IT department ist logged in to the same machine?
@ElastiCourse 4 жыл бұрын
Good question! I haven't used Citrix environment myself, but I'm sure having two users login from same IP will cause a conflict, is there a way you can setup different citrix machines for different departments? I would think the firewall will honor whoever user logs in last as it will be the latest IP/Username mix in the list.
@yangderek7139 Жыл бұрын
Thanks for your video. Only confuse part when I browsing Fortigate document is, based on my understanding, LDAP is role&feature in AD, you can install this role inside AD But in many videos, when people connect fortigate to "LDAP", it's basically just connect fortigate to Windows DC with ADDS, so can I assume when people or Fortigate say LDAP basically means windows AD? Thanks in advance
@ElastiCourse Жыл бұрын
Windows AD + LDAP work together to provide federation services. You basically need both to connect to Fortigate.
@gwynbleidd07 Жыл бұрын
Does the "Poll Active Directory Server" work with Virtual Wire Pair? It's connecting to AD, but nothing is showing up in logs Username related.
@ElastiCourse Жыл бұрын
If you can reach AD that's good start, try to debug LDAP to see more details in the error community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Fortigate-LDAP/ta-p/196280
@simplificaparamim 2 жыл бұрын
have you seen this message "AD Server Status(err: server can not be accessible):" ?
@ElastiCourse 2 жыл бұрын
Make sure Windows Server built-in firewall allows the LDAP port to be accessible
@lehitimongchinito 3 жыл бұрын
Hi Sir, may I know if FSSO and LDAP is different to each other? Will LDAP work without FFSO (vice versa)? I'm confused /: Please reply in your most convenient time. Thank you!
@ElastiCourse 3 жыл бұрын
LDAP is the protocol used to communicate with your directory. FSSO are for Fortinet specific groups that you match to anActive Directory group. If you don't create FSSO groups you can only create policies using individual users which is not practical for big companies or big user base.
@lehitimongchinito 3 жыл бұрын
@@ElastiCourse Thank you for your wonderful info sir. I got FortiGate and Active Directory Server and I want my users to be filtered (web/app control etc.,) by using their domain accounts. May I know which configuration you preferred?
@ElastiCourse 3 жыл бұрын
Probably create AD groups for each subset of users and assign each AD group an FSSO, then create policies using those FSSO entries with desired policy for each.
@lehitimongchinito 3 жыл бұрын
@@ElastiCourse You mean sir, instead of using LDAP, you much preferred in using FSSO?
@ElastiCourse 3 жыл бұрын
You use them together to get to achieve the integration with Active Directory and User Groups.
@mojo4475 Жыл бұрын
LDAP Query : sucess(0) fail(8523212) what is the reason and how to fix this?
@ElastiCourse Жыл бұрын
Can you give me more context, what is the setup like and what was the LDAP query
Bikash's Tech
Рет қаралды 4,1 М.
FortiBytes
Рет қаралды 2,4 М.
ElastiCourse
Рет қаралды 9 М.
Bikash's Tech
Рет қаралды 3,7 М.
notebook-31
Рет қаралды 144 М.
Александр Мальков
Рет қаралды 3,1 МЛН
PRO Hi-Tech
Рет қаралды 116 М.
Wylsacom
Рет қаралды 347 М.